Posted by msmash on Thursday August 17, 2017 @03:20PM
from the ahead-of-time dept.

Catalin Cimpanu, writing for BleepingComputer: A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others. The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components. The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team. Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Posted by msmash on Thursday August 17, 2017 @02:40PM
from the up-next dept.

Merely weeks after it was announced that Bitcoin was splitting into two separate entities, the initial version of bitcoin and its new "bitcoin cash," the network is adding a third version, according to a report. From the article: On Wednesday, a group of bitcoiners scheduled yet another split for the network in November, which would create a third version of bitcoin. So, what makes this version different from the others? Right now, the bitcoin network can sometimes take a long time to process transactions due to so many people using it. This is because the "blocks" of transaction data that get added to bitcoin's public ledger, the blockchain, are getting full. In the weeks preceding the fork, bitcoin coalesced around a solution called "segregated witness," which will change how data is stored in blocks to free up some space when it kicks in later in August. But the size of the blocks themselves will stay at one megabyte on the original bitcoin blockchain. Still, some bitcoiners maintained that the only way to speed bitcoin up for the foreseeable future was to increase the size of blocks themselves. So, a group of bitcoin companies and developers got together and launched a fork called bitcoin cash, which does not include segregated witness. It bumped the size of blocks up to a maximum of eight megabytes. That fork was widely anticipated to be a failure before it happened, but at the time of writing, bitcoin cash is trading above $300 USD per coin, which is comparable to cryptocurrencies like ethereum. Sounds like everyone got what they wanted, right? Oh, no. There's a third group of bitcoin developers, companies, and users who advocate for a "best of both worlds approach." This group includes Bitmain, the largest bitcoin infrastructure company in the world, and legendary bitcoin developer Jeff Garzik.
They got together back in May and signed what is known as the "New York Agreement," which bound them to implement a two megabyte block size increase alongside segregated witness via a hard fork within six months of the time of signing. They call the fork Segwit2x. Now, that's exactly what's happening. According to an announcement posted to the Segwit2x GitHub repository, a bitcoin block between one and two megabytes will be created at block 494,784.

Posted by BeauHD on Wednesday August 16, 2017 @08:05PM
from the coming-soon dept.

New submitter cloud.pt writes: Andy Rubin's Essential Phone will be released next week according to 9to5Google, just shy from its initial June mark. The company has been speculated to be worth around $1.2 billion, after giant Foxconn filed yesterday for a 0.25% acquisition at around $3 million -- clearing unicorn status as it hasn't shipped a single unit at the time. According to Engadget, future and existing pre-orders will have a chance to switch to the Pure White version of the slab, despite initial shipments being scheduled to be of the Black Moon variety. Essential's storefront orders will get the device unlocked, while the only parties offering the device will initially be Sprint. Rumor has it Amazon plans to sell the device as it invested in the company through its Alexa fund. No matter the contract attached, it will come with the full range of network capabilities unlocked.

Posted by BeauHD on Tuesday August 15, 2017 @07:20PM
from the great-migration dept.

After being shut down by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."

Posted by msmash on Tuesday August 15, 2017 @04:40PM
from the all-alone dept.

An anonymous reader shares a report: One company is sticking by The Daily Stormer and other far-right websites: the cloud security and performance service Cloudflare. Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites' owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are -- even if those clients are literally Nazis. In a statement Cloudflare sent to Quartz and other publications yesterday, the company refused to explicitly say it will continue to do business with sites like The Daily Stormer, but pointed out that the content would exist regardless of what Cloudflare does or doesn't do. "Cloudflare is aware of the concerns that have been raised over some sites that have used our network. We find the content on some of these sites repugnant. While our policy is to not comment on any user specifically, we are cooperating with law enforcement in any investigation. Cloudflare is not the host of any website. Cloudflare is a network that provides performance and security services to more than 10% of all Internet requests. Cloudflare terminating any user would not remove their content from the Internet, it would simply make a site slower and more vulnerable to attack."

UPDATE: The Daily Stormer now says Cloudflare has decided to drop their site after all.

Posted by BeauHD on Monday August 14, 2017 @10:05PM
from the flow-of-information dept.

A U.S. federal judge on Monday ruled that LinkedIn cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. Reuters reports: U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The dispute between the two tech companies has been going on since May, when LinkedIn issued a letter to hiQ Labs instructing the startup to stop scraping data from its service. HiQ Labs responded by filing a suit against LinkedIn in June, alleging that the Microsoft-owned social network was in violation of antitrust laws. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. Meanwhile, LinkedIn said in a statement: "We're disappointed in the court's ruling. This case is not over. We will continue to fight to protect our members' ability to control the information they make available on LinkedIn."

Posted by EditorDavid on Saturday August 12, 2017 @04:34PM
from the first-they-came-for-the-videogamers dept.

An anonymous reader quotes the Verge:
Tonight during Valve's yearly Dota 2 tournament, a surprise segment introduced what could be the best new player in the world -- a bot from Elon Musk-backed startup OpenAI. Engineers from the nonprofit say the bot learned enough to beat Dota 2 pros in just two weeks of real-time learning, though in that training period they say it amassed "lifetimes" of experience, likely using a neural network judging by the company's prior efforts. Musk is hailing the achievement as the first time artificial intelligence has been able to beat pros in competitive e-sports... Elon Musk founded OpenAI as a nonprofit venture to prevent AI from destroying the world -- something Musk has been beating the drum about for years.
"Nobody likes being regulated," Musk wrote on Twitter Friday, "but everything (cars, planes, food, drugs, etc) that's a danger to the public is regulated. AI should be too."

- withhold the call
- contact Apple push infrastructure using a proprietary protocol to wake up the client app remotely
- wait for the application to reconnect to the infrastructure and release the call when it is ready

This "I know better than you" approach is meant to further optimize battery life on iOS devices by avoiding the use of resources by apps running in background. It has also the positive effect of forcing developers to switch to a push model and remove all periodic pollings that ultimately use mobile data and clog the Internet. However, the decision to use an Apple infrastructure has many consequences for VoIP providers:

- the reliability of serving incoming calls is directly bound to Apple service
- Apple may revoke the PushKit certificate. It thus has life and death decision power over third-party communication infrastructures
- organizations wanting to set up IPBX and use iOS client have no option but to open access for the push services of Apple in their firewall
- It is not possible to have iOS VoIP or communication clients in network disconnected from the Internet
- Pure standard SIP clients are now broken on iOS

The original submission argues that Apple is creating "the perfect walled garden," adding that "Ironically, the only VoIP 'app' that is not affected is the (future?) VoLTE client that will be added to iOS one day."

Posted by BeauHD on Saturday August 12, 2017 @09:00AM
from the targets-of-interest dept.

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

Posted by BeauHD on Friday August 11, 2017 @11:30PM
from the fake-transactions dept.

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."

Posted by msmash on Friday August 11, 2017 @02:00PM
from the inside-story dept.

New submitter simkel writes: When the Federal Communications Commission went looking this year for experts to sit on an advisory committee regarding deployment of high-speed internet, Gary Carter thought he would be a logical choice. Carter works for the city of Santa Monica, California, where he oversees City Net, one of the oldest municipal-run networks in the nation. The network sells high-speed internet to local businesses, and uses the revenue in part to connect low-income neighborhoods. That experience seemed to be a good match for the proposed Broadband Deployment Advisory Committee (BDAC), which FCC Chairman Ajit Pai created this year. One of the panel's stated goals is to streamline city and state rules that might accelerate installation of high-speed internet. But one of the unstated goals, members say, is to make it easier for companies to build networks for the next generation wireless technology, called 5G. The advanced network, which promises faster speeds, will require that millions of small cells and towers be erected nationwide on city- and state-owned public property. The assignment seemed to call out for participation from city officials like Carter, since municipal officials approve where and what equipment telecommunications companies can place on public rights of way, poles and buildings. But the FCC didn't choose Carter -- or almost any of the other city or state government officials who applied. Sixty-four city and state officials were nominated for the panel, but the agency initially chose only two: Sam Liccardo, mayor of San Jose, California, and Kelleigh Cole from the Utah Governor's Office, according to documents obtained by the Center for Public Integrity through a Freedom of Information Act request. Pai later appointed another city official, Andy Huckaba, a member of the Lenexa, Kansas, city council.
Instead the FCC loaded the 30-member panel with corporate executives, trade groups and free-market scholars. More than three out of four seats on the BDAC are filled by business-friendly representatives from the biggest wireless and cable companies such as AT&T, Comcast, Sprint, and TDS Telecom. Crown Castle International Corp., the nation's largest wireless infrastructure company, and Southern, the nation's second-largest utility firm, have representatives on the panel.

Posted by msmash on Friday August 11, 2017 @10:40AM
from the definitely-maybe dept.

The HBO hacker has struck yet again. From a report: Variety has obtained a copy of another message released Thursday by the anonymous hacker to select journalists in which HBO is apparently responding to the initial video letter that was sent informing the Time Warner-owned company of the massive data breach. The message from HBO, dated July 27, features the network's offer to make a "bounty payment" of $250,000 as part of a program in which "white hat IT professionals" are rewarded for "bringing these types of things to our attention." While the message takes a curiously non-confrontational tone in response to a hacker out to damage HBO, a source close to the investigation who confirmed the veracity of the email explained it was worded that way to stall for time while the company attempted to assess the serious situation.

Posted by BeauHD on Thursday August 10, 2017 @08:45PM
from the precise-vehicle-search dept.

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."

Posted by msmash on Thursday August 10, 2017 @04:40PM
from the crackdown dept.

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.

Posted by msmash on Thursday August 10, 2017 @12:09PM
from the eureka-moment dept.

From a report: Facebook's push toward original video content will take a big step forward Thursday with the launch of a new section, dubbed Watch. The new tab, which Facebook said late Wednesday will launch for a limited number of U.S. users for now, will feature about 40 original series, with plans to eventually scale up to hundreds of shows. Facebook said it will become available to more users in the coming weeks. The Mountain View, Calif., social network is hoping to tap into lucrative TV advertising revenue to boost its ever-expanding bottom line. If successful, Watch could stem the ad-load slowdown for the rest of the year that Chief Financial Officer David Wehner warned about last month when Facebook filed its quarterly earnings. Facebook also hopes the Watch tab will open up a new method of advertising that doesn't clutter users' News Feeds, and keep its 2 billion users on its site longer. Company's founder Mark Zuckerberg is understandably very excited about the move. He says the company believes "it's possible to rethink a lot of experiences through the lens of building community -- including watching video. Watching a show doesn't have to be passive. It can be a chance to share an experience and bring people together who care about the same things." If that pitch sounds familiar to you, it's because TV has been doing it for more than 75 years.

Posted by BeauHD on Wednesday August 09, 2017 @11:30PM
from the authentic-posts dept.

According to Adweek, the next target in Facebook's efforts to keep its News Feed clean is cloaking -- a technique used by "bad actors" to circumvent Facebook's review processes and show content to people that violates Facebook's Community Standards and Advertising Policies. For example, they will set up web pages so that when a Facebook reviewer clicks a link to check whether it's consistent with Facebook's policies, they are taken to a different web page than when someone using the Facebook app clicks that same link. "Facebook product management director Rob Leathern and software engineer Bobbie Chang described in a Newsroom post how 'bad actors' -- such as those promoting diet pills, pornography or muscle-building scams -- attempt to game the social network's review processes," reports Adweek. From the report: Leathern and Chang said Facebook has removed "thousands" of offenders from its platform over the past few months, and any advertisers or pages that are caught cloaking will be banned, as well. Facebook is using artificial intelligence in its anti-cloaking efforts, expanding efforts by human reviewers to identify, capture and verify incidents of cloaking and revising its policies. Pages that are not engaging in these practices should see no impact in their referral traffic.

Posted by msmash on Wednesday August 09, 2017 @10:45AM
from the oops dept.

An anonymous reader writes: Attacks hitting companies' electrical systems are possible, especially when information that provides insight into those systems' weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven't yet heard about the most recent discovery made by UpGuard researchers: an open port used for rsync server synchronization has left the network of Power Quality Engineering (PQE) wide open to malicious attackers. They managed to access and exfiltrate 205 GB of data from PQE's servers, up until the moment when the company secured its systems two days later after being notified of the problem.

Posted by msmash on Monday August 07, 2017 @12:45PM
from the Engineering-Gaffe dept.

Cisco has admitted to losing customer data during a configuration change its engineers applied to its Meraki cloud managed IT service. From a report: Specific data uploaded to Cisco Meraki before 11:20 am PT last Thursday was deleted after engineers created an erroneous policy in a configuration change to its US object storage service, Cisco admitted on Friday. The company did say that the issue has been fixed, and while the error will not affect network operations in most cases, it admitted the faulty policy "but will be an inconvenience as some of your data may have been lost." Cisco hasn't said how many of its 140,000+ Meraki customers have been affected. The deleted data includes custom floor plans, logos, enterprise apps and voicemail greetings found on users' dashboard, systems manager and phones. The engineering team was working over the weekend to find out whether the data can be recovered and potentially build tools so that customers can find out what data has been lost.

Posted by EditorDavid on Monday August 07, 2017 @12:39AM
from the who-watches-the-watchmen dept.

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine.
I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

Posted by EditorDavid on Sunday August 06, 2017 @02:22PM
from the fighting-city-hall dept.

schwit1 quotes a Bloomberg column by Virginia Postrel:
What makes Musk's Hyperloop plan seem like fantasy isn't the high-tech part. Shooting passengers along at more than 700 miles per hour seems simple -- engineers pushed 200 miles-per-hour in a test this week -- compared to building a tunnel from New York to Washington. And even digging that enormously long tunnel -- twice as long as the longest currently in existence -- seems straightforward compared to navigating the necessary regulatory approvals... The eye-rolling comes less from the technical challenges than from the bureaucratic ones.

With his premature declaration, Musk is doing public debate a favor. He's reminding us of what the barriers to ambitious projects really are: not technology, not even money, but getting permission to try. "Permits harder than technology," Musk tweeted after talking with Los Angeles mayor Eric Garcetti about building a tunnel network. That's true for the public sector as well as the private... SpaceX and its commercial-spaceflight competitors can experiment because Congress and President Barack Obama agreed to protect them from Federal Aviation Administration standards. Musk is betting that his salesmanship will have a similar effect on the ground. He's trying to get the public so excited that the political pressures to allow the Hyperloop to go forward become irresistible. He seems to believe that he can will the permission into being. If he succeeds, he'll upend not merely intercity transit but the bureaucratic process by which things get built. That would be a true science-fiction scenario.